面向网络空间的访问控制模型

提出一种面向网络空间的访问控制模型，记为CoAC。该模型涵盖了访问请求实体、广义时态、接入点、访问设备、网络、资源、网络交互图和资源传播链等要素，可有效防止由于数据所有权与管理权分离、信息二次/多次转发等带来的安全问题。通过对上述要素的适当调整可描述现有的经典访问控制模型，满足新的信息服务和传播模式的需求。给出了CoAC管理模型，使用Z-符号形式化地描述了管理模型中使用的管理函数和管理方法。该模型具有极大的弹性、灵活性和可扩展性，并可进一步扩充完善，以适应未来信息传播模式的新发展。

Novel cyberspace-oriented access control model

A novel cyberspace-oriented access control model was proposed, termed as CoAC, which avoided the threats by comprehensively considering vital factors, such as the access requesting entity, general tense, access point, device, networks, resource, internet-based interactive graph and chain of resource transmission. By appropriately adjusting these factors, CoAC emulated most of typical access control models and fulfilled the requirements of new information service patterns and dissemination modes. The administrative model of CoAC was also presented and the functions and methods for administrating CoAC were described by utilizing Z-notation. CoAC is flexible and scalable, it can be further refined and expanded to figure out new opportunities and challenges in the upcoming access control techniques.